Out-of-Bounds Access Vulnerability in Linux Kernel's Packet Generator Component
CVE-2025-21680

7.8 HIGH

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 31 January 2025

Summary

An out-of-bounds access vulnerability exists in the Linux kernel's pktgen module. It occurs when a user provides an excessive number of imix entries: because boundary checks are insufficient, the code can access invalid memory locations past the end of the pkt_dev->imix_entries array. This vulnerability was identified in the Linux Kernel version 6.10.0-rc1 and can compromise system stability and security if exploited. Proper validation of the entry count is required to prevent improper array access during operations related to packet generation.
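A simplified user-space model of the boundary check the summary calls for, as an added example that is not kernel code and not code from this page. `pkt_dev_model`, `parse_imix`, `MAX_ENTRIES`, the "size,weight" input format and the error codes are assumptions; only the `pkt_dev` and `imix_entries` names come from the summary.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model; capacity and names are assumptions, not kernel values. */
#define MAX_ENTRIES 4
struct imix_entry { unsigned long size, weight; };
struct pkt_dev_model {
    struct imix_entry imix_entries[MAX_ENTRIES];
    unsigned int n_imix_entries;
};

/* Parse "size,weight size,weight ..." into dev->imix_entries.
 * Returns the number of entries stored, or a negative errno value. */
int parse_imix(struct pkt_dev_model *dev, const char *buf)
{
    const char *p = buf;
    char *end;

    dev->n_imix_entries = 0;
    while (*p) {
        unsigned long size, weight;

        /* Reject before indexing: without this test, entry number
         * MAX_ENTRIES + 1 would be written past the end of the array. */
        if (dev->n_imix_entries >= MAX_ENTRIES)
            return -E2BIG;

        size = strtoul(p, &end, 10);
        if (end == p || *end != ',')
            return -EINVAL;
        p = end + 1;
        weight = strtoul(p, &end, 10);
        if (end == p)
            return -EINVAL;
        for (p = end; *p == ' '; p++)
            ;
        dev->imix_entries[dev->n_imix_entries].size = size;
        dev->imix_entries[dev->n_imix_entries].weight = weight;
        dev->n_imix_entries++;
    }
    return (int)dev->n_imix_entries;
}

int main(void)
{
    struct pkt_dev_model dev;
    /* Constructed input with one entry more than the array holds. */
    printf("%d\n", parse_imix(&dev, "64,7 570,4 1518,1 100,1 200,1"));
    return 0;
}
```

The count is tested at the top of each iteration, so the array stays within bounds no matter how many entries the caller supplies.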

Affected Version(s)

Linux 52a62f8603f97e720882c8f5aff2767ac6a11d5f < 3450092cc2d1c311c5ea92a2486daa2a33520ea5

Linux 52a62f8603f97e720882c8f5aff2767ac6a11d5f

Linux 52a62f8603f97e720882c8f5aff2767ac6a11d5f < 7cde21f52042aa2e29a654458166b873d2ae66b3

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
